What changed
RBI issued a circular on June 19, 2012, reiterating the importance of IT and IS governance structures as highlighted in the Monetary Policy Statement 2012-13. It calls on RRBs to adopt appropriate frameworks and systems, referencing the IDRBT document on organizational structure for IT in banking.
What it means for you
RRBs must now prioritize IT governance and information security at the Board level, moving beyond mere compliance to strategic oversight. This directive aims to enhance resilience against cyber threats and ensure business continuity, aligning RRBs with broader banking sector standards.
What you must do
- Adopt the IDRBT reference manual on IT organizational structure as a guide for governance frameworks.
- Ensure Board-level committees review and approve IT and IS governance policies regularly.
- Establish or strengthen business continuity and disaster recovery plans with periodic testing.
- Conduct gap analysis of current IT governance against RBI expectations and address deficiencies.
- Report compliance and progress to RBI as per any subsequent instructions.
Who it affects
All Regional Rural Banks (RRBs), Board of Directors of RRBs, IT and Information Security teams of RRBs, Senior management of RRBs
What is the IDRBT document mentioned in the circular?
It is a reference manual titled 'Organizational Structure for IT in the Indian Banking Sector' prepared by IDRBT, which provides guidance on setting up IT governance structures.
Does this circular apply to commercial banks or only RRBs?
This specific circular is addressed to all Regional Rural Banks (RRBs), but similar expectations apply to other banks via the Monetary Policy Statement.
What are the key areas the Board must focus on?
The Board must give adequate attention to governance, information security, and business continuity planning.